Refactor some shared code between load balancer and cluster ip creation

This commit is contained in:
Margo Crawford 2021-05-21 09:57:46 -07:00
parent 4606f1d8bd
commit b4bb0db6e5
2 changed files with 51 additions and 100 deletions

View File

@ -329,8 +329,8 @@ func (c *impersonatorConfigController) shouldHaveTLSSecret(config *v1alpha1.Impe
return c.shouldHaveImpersonator(config)
}
func (c *impersonatorConfigController) loadBalancerExists() (bool, error) {
_, err := c.servicesInformer.Lister().Services(c.namespace).Get(c.generatedLoadBalancerServiceName)
func (c *impersonatorConfigController) serviceExists(serviceName string) (bool, error) {
_, err := c.servicesInformer.Lister().Services(c.namespace).Get(serviceName)
notFound := k8serrors.IsNotFound(err)
if notFound {
return false, nil
@ -341,40 +341,16 @@ func (c *impersonatorConfigController) loadBalancerExists() (bool, error) {
return true, nil
}
func (c *impersonatorConfigController) clusterIPExists() (bool, error) {
_, err := c.servicesInformer.Lister().Services(c.namespace).Get(c.generatedClusterIPServiceName)
notFound := k8serrors.IsNotFound(err)
if notFound {
return false, nil
}
if err != nil {
return false, err
}
return true, nil
}
func (c *impersonatorConfigController) loadBalancerNeedsUpdate(config *v1alpha1.ImpersonationProxySpec) (bool, error) {
lb, err := c.servicesInformer.Lister().Services(c.namespace).Get(c.generatedLoadBalancerServiceName)
func (c *impersonatorConfigController) serviceNeedsUpdate(config *v1alpha1.ImpersonationProxySpec, serviceName string) (bool, error) {
service, err := c.servicesInformer.Lister().Services(c.namespace).Get(serviceName)
if err != nil {
return false, err
}
// TODO this will break if anything other than pinniped is adding annotations
if !reflect.DeepEqual(lb.Annotations, config.Service.Annotations) {
if !reflect.DeepEqual(service.Annotations, config.Service.Annotations) {
return true, nil
}
if lb.Spec.LoadBalancerIP != config.Service.LoadBalancerIP {
return true, nil
}
return false, nil
}
func (c *impersonatorConfigController) ClusterIPNeedsUpdate(config *v1alpha1.ImpersonationProxySpec) (bool, error) {
clusterIP, err := c.servicesInformer.Lister().Services(c.namespace).Get(c.generatedClusterIPServiceName)
if err != nil {
return false, err
}
// TODO this will break if anything other than pinniped is adding annotations
if !reflect.DeepEqual(clusterIP.Annotations, config.Service.Annotations) {
if service.Spec.LoadBalancerIP != config.Service.LoadBalancerIP {
return true, nil
}
return false, nil
@ -487,33 +463,11 @@ func (c *impersonatorConfigController) ensureLoadBalancerIsStarted(ctx context.C
Annotations: config.Service.Annotations,
},
}
running, err := c.loadBalancerExists()
if err != nil {
return err
}
if running {
needsUpdate, err := c.loadBalancerNeedsUpdate(config)
if err != nil {
return err
}
if needsUpdate {
plog.Info("updating load balancer for impersonation proxy",
"service", c.generatedLoadBalancerServiceName,
"namespace", c.namespace)
_, err = c.k8sClient.CoreV1().Services(c.namespace).Update(ctx, &loadBalancer, metav1.UpdateOptions{})
return err
}
return nil
}
plog.Info("creating load balancer for impersonation proxy",
"service", c.generatedLoadBalancerServiceName,
"namespace", c.namespace)
_, err = c.k8sClient.CoreV1().Services(c.namespace).Create(ctx, &loadBalancer, metav1.CreateOptions{})
return err
return c.createOrUpdateService(ctx, config, &loadBalancer)
}
func (c *impersonatorConfigController) ensureLoadBalancerIsStopped(ctx context.Context) error {
running, err := c.loadBalancerExists()
running, err := c.serviceExists(c.generatedLoadBalancerServiceName)
if err != nil {
return err
}
@ -548,33 +502,11 @@ func (c *impersonatorConfigController) ensureClusterIPServiceIsStarted(ctx conte
Annotations: config.Service.Annotations,
},
}
running, err := c.clusterIPExists()
if err != nil {
return err
}
if running {
needsUpdate, err := c.ClusterIPNeedsUpdate(config)
if err != nil {
return err
}
if needsUpdate {
plog.Info("updating cluster ip for impersonation proxy",
"service", c.generatedLoadBalancerServiceName,
"namespace", c.namespace)
_, err = c.k8sClient.CoreV1().Services(c.namespace).Update(ctx, &clusterIP, metav1.UpdateOptions{})
return err
}
return nil
}
plog.Info("creating cluster ip for impersonation proxy",
"service", c.generatedClusterIPServiceName,
"namespace", c.namespace)
_, err = c.k8sClient.CoreV1().Services(c.namespace).Create(ctx, &clusterIP, metav1.CreateOptions{})
return err
return c.createOrUpdateService(ctx, config, &clusterIP)
}
func (c *impersonatorConfigController) ensureClusterIPServiceIsStopped(ctx context.Context) error {
running, err := c.clusterIPExists()
running, err := c.serviceExists(c.generatedClusterIPServiceName)
if err != nil {
return err
}
@ -588,6 +520,34 @@ func (c *impersonatorConfigController) ensureClusterIPServiceIsStopped(ctx conte
return c.k8sClient.CoreV1().Services(c.namespace).Delete(ctx, c.generatedClusterIPServiceName, metav1.DeleteOptions{})
}
func (c *impersonatorConfigController) createOrUpdateService(ctx context.Context, config *v1alpha1.ImpersonationProxySpec, service *v1.Service) error {
running, err := c.serviceExists(service.Name)
if err != nil {
return err
}
if running {
needsUpdate, err := c.serviceNeedsUpdate(config, service.Name)
if err != nil {
return err
}
if needsUpdate {
plog.Info("updating service for impersonation proxy",
"service type", service.Spec.Type,
"service", service.Name,
"namespace", c.namespace)
_, err = c.k8sClient.CoreV1().Services(c.namespace).Update(ctx, service, metav1.UpdateOptions{})
return err
}
return nil
}
plog.Info("creating service for impersonation proxy",
"service type", service.Spec.Type,
"service", service.Name,
"namespace", c.namespace)
_, err = c.k8sClient.CoreV1().Services(c.namespace).Create(ctx, service, metav1.CreateOptions{})
return err
}
func (c *impersonatorConfigController) ensureTLSSecret(ctx context.Context, nameInfo *certNameInfo, ca *certauthority.CA) error {
secretFromInformer, err := c.secretsInformer.Lister().Secrets(c.namespace).Get(c.tlsSecretName)
notFound := k8serrors.IsNotFound(err)

View File

@ -874,6 +874,14 @@ func TestImpersonatorConfigControllerSync(t *testing.T) {
r.Equal([]v1alpha1.CredentialIssuerStrategy{expectedStrategy}, credentialIssuer.Status.Strategies)
}
var requireServiceWasDeleted = func(action coretesting.Action, serviceName string) {
deleteAction, ok := action.(coretesting.DeleteAction)
r.True(ok, "should have been able to cast this action to DeleteAction: %v", action)
r.Equal("delete", deleteAction.GetVerb())
r.Equal(serviceName, deleteAction.GetName())
r.Equal("services", deleteAction.GetResource().Resource)
}
var requireLoadBalancerWasCreated = func(action coretesting.Action) *corev1.Service {
createAction, ok := action.(coretesting.CreateAction)
r.True(ok, "should have been able to cast this action to CreateAction: %v", action)
@ -887,14 +895,6 @@ func TestImpersonatorConfigControllerSync(t *testing.T) {
return createdLoadBalancerService
}
var requireLoadBalancerWasDeleted = func(action coretesting.Action) {
deleteAction, ok := action.(coretesting.DeleteAction)
r.True(ok, "should have been able to cast this action to DeleteAction: %v", action)
r.Equal("delete", deleteAction.GetVerb())
r.Equal(loadBalancerServiceName, deleteAction.GetName())
r.Equal("services", deleteAction.GetResource().Resource)
}
var requireLoadBalancerWasUpdated = func(action coretesting.Action) *corev1.Service {
updateAction, ok := action.(coretesting.UpdateAction)
r.True(ok, "should have been able to cast this action to UpdateAction: %v", action)
@ -920,15 +920,6 @@ func TestImpersonatorConfigControllerSync(t *testing.T) {
return createdClusterIPService
}
var requireClusterIPWasDeleted = func(action coretesting.Action) {
// TODO maybe de-dup this with loadbalancerwasdeleted
deleteAction, ok := action.(coretesting.DeleteAction)
r.True(ok, "should have been able to cast this action to DeleteAction: %v", action)
r.Equal("delete", deleteAction.GetVerb())
r.Equal(clusterIPServiceName, deleteAction.GetName())
r.Equal("services", deleteAction.GetResource().Resource)
}
var requireClusterIPWasUpdated = func(action coretesting.Action) *corev1.Service {
updateAction, ok := action.(coretesting.UpdateAction)
r.True(ok, "should have been able to cast this action to UpdateAction: %v", action)
@ -1162,7 +1153,7 @@ func TestImpersonatorConfigControllerSync(t *testing.T) {
requireTLSServerWasNeverStarted()
r.Len(kubeAPIClient.Actions(), 3)
requireNodesListed(kubeAPIClient.Actions()[0])
requireLoadBalancerWasDeleted(kubeAPIClient.Actions()[1])
requireServiceWasDeleted(kubeAPIClient.Actions()[1], loadBalancerServiceName)
requireTLSSecretWasDeleted(kubeAPIClient.Actions()[2])
requireCredentialIssuer(newAutoDisabledStrategy())
requireSigningCertProviderIsEmpty()
@ -2102,7 +2093,7 @@ func TestImpersonatorConfigControllerSync(t *testing.T) {
r.NoError(runControllerSync())
requireTLSServerIsNoLongerRunning()
r.Len(kubeAPIClient.Actions(), 4)
requireLoadBalancerWasDeleted(kubeAPIClient.Actions()[3])
requireServiceWasDeleted(kubeAPIClient.Actions()[3], loadBalancerServiceName)
requireCredentialIssuer(newManuallyDisabledStrategy())
requireSigningCertProviderIsEmpty()
@ -2168,7 +2159,7 @@ func TestImpersonatorConfigControllerSync(t *testing.T) {
r.NoError(runControllerSync())
requireTLSServerIsNoLongerRunning()
r.Len(kubeAPIClient.Actions(), 4)
requireClusterIPWasDeleted(kubeAPIClient.Actions()[3])
requireServiceWasDeleted(kubeAPIClient.Actions()[3], clusterIPServiceName)
requireCredentialIssuer(newManuallyDisabledStrategy())
requireSigningCertProviderIsEmpty()
@ -2284,7 +2275,7 @@ func TestImpersonatorConfigControllerSync(t *testing.T) {
r.NoError(runControllerSync())
r.Len(kubeAPIClient.Actions(), 9)
requireLoadBalancerWasDeleted(kubeAPIClient.Actions()[6])
requireServiceWasDeleted(kubeAPIClient.Actions()[6], loadBalancerServiceName)
requireTLSSecretWasDeleted(kubeAPIClient.Actions()[7])
requireTLSSecretWasCreated(kubeAPIClient.Actions()[8], ca) // recreated because the endpoint was updated, reused the old CA
requireTLSServerIsRunning(ca, testServerAddr(), nil)
@ -3102,7 +3093,7 @@ func TestImpersonatorConfigControllerSync(t *testing.T) {
requireTLSServerWasNeverStarted()
r.Len(kubeAPIClient.Actions(), 3)
requireNodesListed(kubeAPIClient.Actions()[0])
requireLoadBalancerWasDeleted(kubeAPIClient.Actions()[1])
requireServiceWasDeleted(kubeAPIClient.Actions()[1], loadBalancerServiceName)
requireTLSSecretWasDeleted(kubeAPIClient.Actions()[2])
})
})